Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
adm vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-34111
Thecus 4800Eco exists to contain a command injection vulnerability via the username parameter in /adm/setmain.php.
Thecus N4800eco Firmware -
10
CVSSv2
CVE-2020-6287
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the...
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
1 Metasploit module
9 Github repositories
2 Articles
10
CVSSv2
CVE-2018-12313
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands without authentication via the "rocommunity" URL parameter.
Asustor Data Master 3.1.1
10
CVSSv2
CVE-2007-0882
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote malicious users to log into cert...
Oracle Solaris 11
Sun Sunos 5.11
Sun Sunos 5.10
Oracle Solaris 10
3 EDB exploits
1 Article
10
CVSSv2
CVE-2004-0450
Format string vulnerability in the printlog function in log2mail prior to 0.2.5.2 allows local users or remote malicious users to execute arbitrary code via format string specifiers in a logfile monitored by log2mail.
Log2mail Log2mail 0.2.5.0
Log2mail Log2mail 0.2.5.1
Log2mail Log2mail 0.2.2.2
Log2mail Log2mail 0.2.5.2
9.4
CVSSv2
CVE-2007-3191
Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote malicious users to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.
Jffnms Just For Fun Network Management System 0.8.3
1 EDB exploit
9
CVSSv2
CVE-2020-10583
The /admin/admapi.php script of Invigo Automatic Device Management (ADM) up to and including 5.0 allows remote authenticated malicious users to execute arbitrary OS commands on the server as the user running the application.
Invigo Automatic Device Management
9
CVSSv2
CVE-2019-14920
Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated malicious user to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature.
Billion Sg600 R2 Firmware 3.02
9
CVSSv2
CVE-2018-12307
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root via the "name" POST parameter.
Asustor Data Master 3.1.1
9
CVSSv2
CVE-2018-12312
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root via the "secret_key" URL parameter.
Asustor Data Master 3.1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »